<?php
/******************************************
 * Author: <YOUR NAME HERE>
 * Description: <YOUR DESCRIPTION HERE>
 ******************************************/
class Fuel extends CustomSecurity { 

	function Fuel($db){ 
    }

	/***********************************
 	 * Add:         Allows the insertion of values into the Table.
 	 * Parameters:  $id, $date, $km, $f_litres, $f_price, $comment
 	 * Return:      (Boolean) True - Successfully Inserted | False - Error
 	 ************************************/
	function add($date, $km, $f_litres, $f_price, $comment){ 

		escape_string($date);
		escape_string($km);
		escape_string($f_litres);
		escape_string($f_price);
		escape_string($comment);
		
		$groupId = $_SESSION['group_id'];
		if (strcasecmp($groupId, '-1') == 0){
			$groupId = null;
		}

		$statement = "INSERT INTO fuel (date, km, f_litres, f_price, comment, userId, groupId) VALUES ('$date', '$km', '$f_litres', '$f_price', '$comment', '".$_SESSION['user_id']."', '".$groupId."');";
		$results   = mysql_query($statement);

		if($results){
			return true;
		}else{
			return false;
		}

	}//End add()


	/***********************************
 	 * Remove:      Allows for the removal of record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value
 	 * Return:      (Boolean) True - Successfully Removed | False - Error
 	 ************************************/
	function remove($primaryKeyValue){ 

		//Custom SQL Injection Escaping HERE

		$statement = "DELETE FROM fuel WHERE id = '$primaryKeyValue'";
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End remove()


	/***********************************
 	 * Update:      Allows for the update of a record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value | (String) Column Name To Update | (String) New Value
 	 * Return:      (Boolean) True - Successfully Updated | False - Error
 	 ************************************/
	function update($primaryKeyName, $primaryKeyValue, $columnNameToUpdate, $columnValue){ 

		//Custom SQL Injection Escaping HERE

		$statement = "UPDATE Fuel SET $columnNameToUpdate = '$columnValue' WHERE $primaryKeyName = '$primaryKeyValue'";
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End update()


	/***********************************
 	 * GetAll:       Returns all the records in the database.
 	 * Parameters:   NA
 	 * Return:      (MultiDimensional-Array)String
 	 ************************************/
	function getAll(){ 

		//Custom SQL Injection Escaping HERE

		$statement = "SELECT id, date, km, f_litres, f_price, comment FROM Fuel";
		$results   = mysql_query($statement);

		return $results;

	}//End getAll()


	/***********************************
 	 * GetObject:   Returns a specific record form the batabase.
 	 * Parameters:  (Int) Primary Key Value
 	 * Return:      (Array)String
 	 ************************************/
	function getObject($primaryKeyName, $primaryKeyValue){ 

		//Custom SQL Injection Escaping HERE

		$statement = "SELECT id, date, km, f_litres, f_price, comment FROM Fuel WHERE ".$primaryKeyName." = '".$primaryKeyValue."'";
		$results   = mysql_query($statement);

		return $results;

	}//End getObject()
	
	function getEntries(){ 

		$statement = "SELECT DISTINCT date_format(date, '%M %Y'), DATE_FORMAT( date, CONCAT(ELT( MONTH(date), 'Януари','Февруари','Март','Април','Май','Юни','Юли','Август','Септември','Октомври','Ноември','Декември'),' %Y')) FROM fuel WHERE (userId=".$_SESSION['user_id']." OR groupId=".$_SESSION['group_id'].") ORDER BY date DESC";
		$results   = mysql_query($statement);

		return $results;

	}


}//End Class Fuel
?>